
Provide other checksums than MD5 and SHA-1 for dumps
Open, Low, Public

Description

Given the recent publication of the "SHAttered" SHA-1 collision proof by people at Google and the Centrum voor Wiskunde en Informatica in Amsterdam, wouldn't it be legitimate to provide safer checksums than the ones currently provided (MD5 and SHA-1)? Granted, they've been historically used for that purpose, but now that both can be collided with legit-looking payloads with the same hash as any given payload, it would probably be best to either provide a third checksum or get rid of these old checksum hashing algos entirely and switch to a third.

If anything, we could use algorithms in the SHA-2 family, like sha256 or sha512 (for which sha256sum and sha512sum packages are available since Ubuntu 12.04 "Precise Pangolin"); or in the SHA-3 family (for which a unique sha3sum package is available since Ubuntu 15.10 "Wily Werewolf", using a command line parameter to choose the exact algorithm and size of the resulting hash). Or even both.

Considering we've abandoned SHA-1 for our SSL/TLS certificates (as we should have, of course), it would make sense to, if not abandon them outright, at least provide safer alternatives for the checksums of dumps we provide.

Event Timeline

We provide these checksums so that folks can verify that their data download was successful. Someone who can replace a dump file for download with a malicious copy can also replace the relevant entry in the list of md5/sha1 sums. We can adopt sha256 eventually but there's no rush.
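
A sketch of what this task asks for, added here as an example and not part of the thread or of the dump tooling itself: it reads a file once to compute the existing MD5 and SHA-1 digests alongside SHA-256 and SHA3-256, writes an entry in the list format that `sha256sum -c` reads, and shows a corrupted download being caught. The file name, the sample contents and the choice of digest set are assumptions.

```python
import hashlib
import os
import tempfile

# Assumption: the digest set to publish; all four names are in hashlib.
ALGORITHMS = ("md5", "sha1", "sha256", "sha3_256")

def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the file once, in chunks, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def sums_line(digest, filename):
    """One entry in the list format md5sum/sha1sum/sha256sum read with -c."""
    return f"{digest}  {filename}\n"

def parse_sums(text):
    """Parse a coreutils-style list into {filename: lowercase digest}."""
    entries = {}
    for line in text.splitlines():
        digest, sep, rest = line.partition(" ")
        if sep and len(rest) > 1:
            entries[rest[1:]] = digest.lower()  # rest[0] is the ' ' or '*' mode flag
    return entries

def verify(path, sums_text, algorithm="sha256"):
    """Return 'ok', 'mismatch', or 'missing' (file not in the list)."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return "missing"
    return "ok" if digest_file(path, (algorithm,))[algorithm] == expected else "mismatch"

def demo():
    """Constructed sample: publish a list, verify, then simulate a truncated download."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-dump.xml.bz2")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed dump contents\n" * 1000)
        sums = sums_line(digest_file(path)["sha256"], os.path.basename(path))
        intact = verify(path, sums)
        with open(path, "r+b") as fh:
            fh.truncate(1024)
        return intact, verify(path, sums)

if __name__ == "__main__":
    print(demo())  # ('ok', 'mismatch')
```

Hashing in a single pass matters for multi-gigabyte dumps, since adding a stronger digest next to the existing ones then costs no extra read of the file.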